last executing test programs:

1.865514572s ago: executing program 2 (id=402):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="64020000100001000000000000000000fc01f8d30fa111ca4f45000000000005000000000075b1d0fd86f74db500000000080000002f00"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="7f0000011a00000000000000000000000000000032000000ac1e000100000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002bbd70000000000002000000cd00000000000000ab0002006362632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018030000e8e24c3ae283dc390b8d80c6a0f0560d4f0c3a14fef272e63d468db1a2a10691c030a64c39b96b1f3621a2bc5b09e7c0d21d2190dd06bfd4dd27271a42fb8a98f50caf1741b5014e8c2cd3882929542340bca70fd71ff83315acc873db557835f6fa14001c001700000000000000000000000000000000000000000000000000ac000700ac1414bb00000000000000000000000000000000000000000000ffffffffffff4e2110004e228000000000206c000000", @ANYRES32, @ANYRES32, @ANYBLOB="05000000000000000500000000000000be380000000000000300000000000000f9ffffffffffffff2902000000000000000000000000000000080000000000002c00000000000000080000000000000006000000000000007f0000000000000001010000000000000000030300000000"], 0x264}}, 0x0)

1.687999846s ago: executing program 2 (id=406):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x9c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x74, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x3c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x110}, 0x1, 0x9000000}, 0x0)

1.687103191s ago: executing program 2 (id=408):
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$inet6(0xa, 0x80002, 0x0)
r0 = socket$unix(0x1, 0x5, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES16=r0], 0x38}}, 0x10)

1.620239258s ago: executing program 2 (id=409):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800030002000000080007006401010108000700ac1414bb0800020003"], 0x78}}, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000200)=0x3, 0x4)
connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
socket$packet(0x11, 0x2, 0x300) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800030002000000080007006401010108000700ac1414bb0800020003"], 0x78}}, 0x0) (async)
socket$inet6(0xa, 0x80002, 0x0) (async)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000200)=0x3, 0x4) (async)
connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c) (async)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) (async)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) (async)

1.486896727s ago: executing program 2 (id=416):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x7, @local, 0x0, 0x3}, 0x80, &(0x7f0000000980)=[{&(0x7f0000000340)="f4001100052b3325fe80070000000000000000000009ffffffe000"/40, 0xfd1b}], 0x1}, 0x20040000)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'lc\x00', 0x2, 0x3, 0x181a}, {@loopback, 0x4e20, 0x0, 0xffffffaf, 0x100522a0, 0x12d5c}}, 0x44)

1.483221429s ago: executing program 2 (id=419):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="ffffff00001c41cb9cc30000005338fe92832ada", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x50)
r1 = getpid()
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000500)=ANY=[@ANYRESDEC=r1], 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r4 = accept(r0, &(0x7f0000000440)=@nfc, &(0x7f0000000180)=0x80)
sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r3, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r1}}]}, 0x3c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r7}, 0x14)
r8 = socket$netlink(0x10, 0x3, 0x400000000000004)
recvfrom$unix(r4, &(0x7f0000000280), 0x0, 0x100, 0x0, 0x0)
r9 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r9, 0x11b, 0x3, &(0x7f00000001c0)=0x100000, 0x4)
writev(r8, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1)
setsockopt$XDP_TX_RING(r9, 0x11b, 0x3, &(0x7f0000000040), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
connect$unix(r10, 0x0, 0x0)
sendmmsg$unix(r11, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r10, 0x0, 0x0, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x1}, 0xc)

550.453211ms ago: executing program 0 (id=450):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="64020000100001000000000000000000fc01f8d30fa111ca4f45000000000005000000000075b1d0fd86f74db500000000080000002f00"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="7f0000010005000000000000000000000000000032000000ac1e000100000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002bbd70000000000002000000cd00000000000000ab0002006362632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018030000e8e24c3ae283dc390b8d80c6a0f0560d4f0c3a14fef272e63d468db1a2a10691c030a64c39b96b1f3621a2bc5b09e7c0d21d2190dd06bfd4dd27271a42fb8a98f50caf1741b5014e8c2cd3882929542340bca70fd71ff83315acc873db557835f6fa14001c001700000000000000000000000000000000000000000000000000ac000700ac1414bb00000000000000000000000000000000000000000000ffffffffffff4e2110004e228000000000206c000000", @ANYRES32, @ANYRES32, @ANYBLOB="05000000000000000500000000000000be380000000000000300000000000000f9ffffffffffffff2902000000000000000000000000000000080000000000002c00000000000000080000000000000006000000000000007f0000000000000001010000000000000000030300000000"], 0x264}}, 0x0)

399.014098ms ago: executing program 0 (id=451):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan4\x00', <r2=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r1, 0x0, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0202}}}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x34}, 0x1, 0x0, 0x0, 0x44005}, 0x8081)
r4 = socket$kcm(0x29, 0x5, 0x0)
ioctl$FS_IOC_GETFLAGS(r4, 0x80086601, &(0x7f00000001c0))
r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000240), r0)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r5, 0x4, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400}, 0x4008000)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000380), r0)
sendmsg$NLBL_MGMT_C_REMOVEDEF(r0, &(0x7f0000000440)={&(0x7f0000000340), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, r6, 0x100, 0x10000, 0x25dfdbfe, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x2f}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xc}]}, 0x24}, 0x1, 0x0, 0x0, 0x104}, 0x0)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000004c0), r0)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x2c, r7, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x7}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x1}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000600)={'wpan4\x00', <r8=>0x0})
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x4c, r1, 0x4, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x4}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x4}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x7f}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0xc010)
syz_genetlink_get_family_id$nbd(&(0x7f0000000740), r0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair(0x26, 0x1, 0x3, &(0x7f0000000780)={<r10=>0xffffffffffffffff})
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x5, 0x0, 0x1, 0xe6, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{0x1, <r12=>0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000900)={0x1, <r13=>0xffffffffffffffff}, 0x4)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001b00)={0xffffffffffffffff, 0x58, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r14=>0x0}}, 0x10)
r15 = bpf$MAP_CREATE(0x0, &(0x7f0000001bc0)=@bloom_filter={0x1e, 0x0, 0x4, 0x6, 0x400, 0x1, 0xc0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x5, 0xd}, 0x50)
r16 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001c80)=@o_path={&(0x7f0000001c40)='./file0\x00', 0x0, 0x4010, r10}, 0x18)
r17 = bpf$MAP_CREATE(0x0, &(0x7f0000001cc0)=@bloom_filter={0x1e, 0x0, 0xce7, 0x7, 0x1042, 0xffffffffffffffff, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x2, 0xe}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001dc0)={{r9, <r18=>0xffffffffffffffff}, &(0x7f0000001d40), &(0x7f0000001d80)='%pK    \x00'}, 0x20)
r19 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001e00)={0x1b, 0x0, 0x0, 0x8001, 0x0, 0x1, 0x800000, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x3}, 0x50)
r20 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001ec0)=@generic={&(0x7f0000001e80)='./file0\x00', 0x0, 0x8}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001f80)={0x11, 0x1b, &(0x7f0000000940)=@raw=[@cb_func={0x18, 0x4, 0x4, 0x0, 0x5}, @generic={0x5, 0x1, 0x7, 0x8f, 0x1}, @map_val={0x18, 0x1, 0x2, 0x0, r11, 0x0, 0x0, 0x0, 0x236e}, @generic={0x0, 0x0, 0x6, 0x7, 0x401}, @tail_call={{0x18, 0x2, 0x1, 0x0, r12}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r13}}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}], &(0x7f0000000a40)='syzkaller\x00', 0x6, 0x1000, &(0x7f0000000a80)=""/4096, 0x40f00, 0x55, '\x00', r14, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001b40)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000001b80)={0x5, 0xf, 0x7fffffff, 0x7}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000001f00)=[r15, 0xffffffffffffffff, r16, r17, 0xffffffffffffffff, r18, r19, r20], &(0x7f0000001f40)=[{0x1, 0x2, 0xd, 0x8}, {0x5, 0x4, 0xe, 0x3}, {0x4, 0x2, 0x1, 0x7}, {0x5, 0x4, 0xc, 0x6}]}, 0x94)
pselect6(0x40, &(0x7f0000002040)={0x1, 0x9, 0x6, 0x7, 0x5fc7, 0x600, 0xffffffffffffffc0, 0x177}, &(0x7f0000002080)={0x6, 0xd, 0xc, 0x8, 0x7fffffffffffffff, 0x5, 0xffffffffffffffff, 0x1}, &(0x7f00000020c0)={0x8000, 0x5c9, 0x71f, 0x336, 0x9, 0x0, 0xee, 0x7}, &(0x7f0000002100)={0x0, 0x989680}, &(0x7f0000002180)={&(0x7f0000002140)={[0x5]}, 0x8})

335.578271ms ago: executing program 0 (id=455):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="880000001000ffff27bd3000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000201100006000128009000100766c616e0000000050000280340004800c00010001000000020000000c000100cc090000060000000c00010027060000080000000c00010005000000050000000600010000000000100003800c003900040500008b00000008000500", @ANYRES32=r2], 0x88}, 0x1, 0x0, 0x0, 0x2000c855}, 0x8000002)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$kcm(0x15, 0x5, 0x0)
sendmsg$inet(r4, &(0x7f0000000300)={&(0x7f00000002c0)={0xa, 0xffff, @rand_addr=0x64010101}, 0x10, 0x0, 0x0, &(0x7f0000000380)=ANY=[], 0x6b}, 0xc000040)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x25dfdbfc, {0x7a, 0x0, 0x0, r8}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa888}]}}}]}, 0x3c}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x1f, &(0x7f0000000640)={0x0, @in6={{0xa, 0x4e23, 0x3, @remote, 0x6}}, 0x6, 0x1}, 0x90)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r7)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x34, r9, 0x4, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x7, 0x1}}}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x22}, 0x40800)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007000000c1000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000f4ffffffffffffff000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x6}, 0x94)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000027020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @reject={{0xfffffffffffffeef}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r11}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r11, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x400000000000004)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bond0\x00', <r13=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x800, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1b400}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r13}]}, 0x3c}}, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), r3)

250.093832ms ago: executing program 0 (id=457):
unshare(0x2a020400)
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) (async)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) (async)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)={0x58, r1, 0x300, 0x70bd29, 0x25dfdbfc, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x58}, 0x1, 0x0, 0x0, 0x880}, 0x10)
r3 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000000c0)={'wlan1\x00', &(0x7f0000000080)=@ethtool_stats}) (async, rerun: 64)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, 0x0) (async, rerun: 64)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
syz_init_net_socket$ax25(0x3, 0x5, 0xcb) (async)
sendmmsg$sock(r5, &(0x7f0000003640), 0x0, 0x20040059)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
writev(r6, &(0x7f0000000000)=[{&(0x7f00000000c0)="89c9157afde08ea4387fbe5739d1766791827bb588e5a143fea3b55347c980460b48a9d8a6579c910b46ee7b5e2ecf067a673b4bd1061bfd94c39247445926593da3717f1907fc9742eb0448d0236a020e606a457553f39c650c01d7702c0e5db4ea9bdc377cfa2b8f58c2b7f7d25c09f8cfa89b483afe93790ddfe1ea26f7c344", 0x81}], 0x1) (async, rerun: 32)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r6, 0x0) (async, rerun: 32)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r7, 0x84, 0x1e, 0x0, &(0x7f0000000080)) (async, rerun: 32)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000000c0)={<r8=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x14) (async, rerun: 32)
socket(0x1d, 0x2, 0x6)
r9 = socket(0x2, 0x80805, 0x0)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r11=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r9, 0x84, 0x7b, &(0x7f0000000300)={r11, 0x1}, 0x8) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x3}, 0x90) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000840)={r8, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c)

249.246805ms ago: executing program 1 (id=459):
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x20000400)
socket(0x1d, 0x2, 0x6) (async)
r2 = socket(0x1d, 0x2, 0x6)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, 0x0, 0x0) (async)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r3)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x54, r4, 0x1, 0xfffffefd, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x9}, {0xc, 0x90, 0x2}}]}, 0x54}}, 0x0) (async)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x54, r4, 0x1, 0xfffffefd, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x9}, {0xc, 0x90, 0x2}}]}, 0x54}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@deltclass={0x2c, 0x29, 0x100, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r0, {0x10, 0x7}, {0x10, 0x6}, {0xb, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0x3, 0x5}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x15}, 0xc0c1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a40)={&(0x7f0000000900)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x4, [@float={0x3, 0x0, 0x0, 0x10, 0x2}, @enum={0x2, 0x1, 0x0, 0x6, 0x4, [{0x1, 0x4}]}]}, {0x0, [0x61, 0x2e]}}, &(0x7f0000000980)=""/165, 0x3c, 0xa5, 0x1, 0x5}, 0x28)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r5)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x6}, {0x0, [0x2e, 0x61, 0x2e, 0x30]}}, 0x0, 0x1e, 0x0, 0x1, 0x80007}, 0x28)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYBLOB="c7ba538d", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf25250000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYBLOB="c7ba538d", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf25250000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

189.951282ms ago: executing program 1 (id=460):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x9c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x74, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x3c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x110}, 0x1, 0x13000000}, 0x0)

189.714912ms ago: executing program 1 (id=461):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0xd, 0xd, &(0x7f0000000080)=ANY=[@ANYBLOB="1802000001000000000000000000000085100000010000009500000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff3702000008000000b703000000000028850000003900000095"], &(0x7f0000000740)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xffff}, [@call={0x85, 0x0, 0x0, 0xab}]}, &(0x7f00000000c0)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) (async)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=@newsa={0x140, 0x10, 0x413, 0x0, 0x25dfdbfb, {{@in6=@dev, @in=@remote}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x32}, @in=@dev, {}, {0x0, 0x8, 0x0, 0x8000}, {0x0, 0x4000000}, 0x0, 0x1000000, 0xa}, [@algo_aead={0x50, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x20, 0x40, "25cac521"}}]}, 0x140}}, 0x4000080)

184.830665ms ago: executing program 1 (id=462):
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$inet6(0xa, 0x80002, 0x0)
r0 = socket$unix(0x1, 0x5, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES16=r0], 0x38}}, 0x10)

110.671978ms ago: executing program 1 (id=463):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="280000001200090700f1ffffffffffff07000000000000001000008004000000080031"], 0x28}], 0x1}, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f00000000c0)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x42, 0x800000, 0x8, 0x7})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newtaction={0x90, 0x30, 0xffff, 0x0, 0x0, {}, [{0x7c, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x90}}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r4, 0x8983, &(0x7f0000000100)={0x8, '\x00', {'wg2\x00'}, 0x63})
write$bt_hci(r2, &(0x7f0000000080)=ANY=[], 0x6)
r5 = socket(0x10, 0x3, 0x0)
write(r5, &(0x7f0000000240)="aefc00001a0025f01d85bc04fef7681d020b49ff708800008003280008021000ac0a1410bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e21, 0x4, @private1, 0xd}, 0x1c)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="020300030c000000ff0e00000000000002000900400000007026405ea9be49fa0300060000000000020032cd44500000000000000000000002000100000004d307000000000000e0030005003c00000002"], 0x60}, 0x1, 0x7}, 0x0)

110.06747ms ago: executing program 1 (id=464):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="64020000100001000000000000000000fc01f8d30fa111ca4f45000000000005000000000075b1d0fd86f74db500000000080000002f00"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="7f0000010011000000000000000000000000000032000000ac1e000100000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002bbd70000000000002000000cd00000000000000ab0002006362632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018030000e8e24c3ae283dc390b8d80c6a0f0560d4f0c3a14fef272e63d468db1a2a10691c030a64c39b96b1f3621a2bc5b09e7c0d21d2190dd06bfd4dd27271a42fb8a98f50caf1741b5014e8c2cd3882929542340bca70fd71ff83315acc873db557835f6fa14001c001700000000000000000000000000000000000000000000000000ac000700ac1414bb00000000000000000000000000000000000000000000ffffffffffff4e2110004e228000000000206c000000", @ANYRES32, @ANYRES32, @ANYBLOB="05000000000000000500000000000000be380000000000000300000000000000f9ffffffffffffff2902000000000000000000000000000000080000000000002c00000000000000080000000000000006000000000000007f0000000000000001010000000000000000030300000000"], 0x264}}, 0x0)

545.924µs ago: executing program 0 (id=465):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, &(0x7f0000000000)={0x8, 'geneve1\x00', {'rose0\x00'}, 0x4}) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x7fffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="1b000000db233330ead5b50000008000000000008000000000ce47", @ANYRES32, @ANYRES16=r1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) (async)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x40) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) (async)
sendmmsg(r4, &(0x7f0000000180), 0x400008a, 0x0) (async)
sendmsg$key(r4, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000740)=ANY=[@ANYBLOB="0209000902000000fffffffffedbdf25e19ebada0a9357a2907174cae2b43c49b582a0bbcfbc1d4e35b784c2a0bf38b3d609c27e55"], 0x10}}, 0x0) (async)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000000400)={0x1, 0x1, 0x6, 0x0, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback}, 0x10)
r5 = socket$inet(0x2, 0x3, 0x1) (async)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
sendmsg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000004c0)="00008aa70c000600", 0xfffffffffffffef5}], 0x1, 0x0, 0x0, 0x11000000}, 0x2008000) (async)
r6 = socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300) (async)
r7 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000000), 0x4) (async)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000), 0x8) (async)
r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000540)=0xffffffffffffffff, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x2d, &(0x7f0000000e40)=ANY=[], &(0x7f0000000440)='GPL\x00', 0xfffffffa, 0x1007, &(0x7f0000001d40)=""/4103, 0x41100, 0x10, '\x00', 0x0, 0x25, r8, 0x8, &(0x7f0000000580)={0x20000004, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x2, 0xc, 0x0, 0x800a4e}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000800)=[r2, r2], &(0x7f0000000840), 0x10, 0x7}, 0x94) (async)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYRES16=r2], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
sendmsg$nl_route(r0, &(0x7f00000008c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000880)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001a00000426bdfdf3e9dfcb17a25cdfb0eacc99064b7128dbdf250000000010b96c07f3621b256a4e8cb83cb7a733d8c20c808427964e08b0504f269a72f23f3688a7383bb20dfeeacfc46645aa7a98aa33f39458b141e15b31b562c4f228327a6f5f19d3514d178cacbedaaa779c903b7cb441b30efc67bdbe6f6687f8174116feb1ce437ee806d3e8ce1310f3be9b3536bebd1e7adbedbcd6b94bf81506d6475b970fffcc35139e9dc1fdf88f6505f61cb3f5721834c6fc31af01359e0679f1c2f50c68e9d89490aaaa3620f37ad9d8bba4b09efb2654c70ff5d525ea93b6"], 0x14}, 0x1, 0x0, 0x0, 0xc0c5}, 0x4000011) (async)
ioctl$FIONCLEX(r9, 0x5450)
getsockopt$IP_VS_SO_GET_VERSION(r5, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="2c0000003e0007012dbd7000fcdbdf25047c0000040000000300", @ANYRES32=0x0, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20040000}, 0x44000)
setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000000140)=0x8001, 0x4)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f0000000c00)=ANY=[@ANYBLOB="40000000310002002abd7000fbdbdf250300000004000000000000000000011492054e39e6dd283d2870978b57b7fd009d00fe8000001000000000000000000000aa00000000000000000000000000bea618bf067a5f763635310638b945c653edd167159b5a3120f427382c733a70353cab0dd5d4b97b82a92023a0213b94e543778df402886484751d63d2e5bb90981608d68d264cb6e57d4f6e0115dcec58f1b9e872c46c0a03ff10f92d3f57d9a2"], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x40)

0s ago: executing program 0 (id=466):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000002000000000000a000000000000000000000008000400", @ANYRES32=r0, @ANYBLOB="06001500030000000c00168008000100", @ANYRES16], 0x38}}, 0x10)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:22525' (ED25519) to the list of known hosts.
syzkaller login: [   48.415076][ T5786] cgroup: Unknown subsys name 'net'
[   48.535899][ T5786] cgroup: Unknown subsys name 'cpuset'
[   48.540277][ T5786] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   49.877891][ T5786] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   53.335656][ T5821] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.339458][ T5821] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.342990][ T5821] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.346743][ T5821] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.349994][ T5821] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.369119][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.377515][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.380702][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.384459][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.398938][ T5827] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.402224][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   53.405461][ T5827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.408343][ T5827] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.425523][ T5827] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.429106][ T5827] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.528898][ T5818] chnl_net:caif_netlink_parms(): no params data found
[   53.652821][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.655720][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.658893][ T5818] bridge_slave_0: entered allmulticast mode
[   53.662047][ T5818] bridge_slave_0: entered promiscuous mode
[   53.677978][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.680356][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.683958][ T5818] bridge_slave_1: entered allmulticast mode
[   53.687171][ T5818] bridge_slave_1: entered promiscuous mode
[   53.699911][ T5822] chnl_net:caif_netlink_parms(): no params data found
[   53.708000][ T5825] chnl_net:caif_netlink_parms(): no params data found
[   53.722140][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.733984][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.786504][ T5818] team0: Port device team_slave_0 added
[   53.801846][ T5818] team0: Port device team_slave_1 added
[   53.857485][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.860099][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.863149][ T5822] bridge_slave_0: entered allmulticast mode
[   53.866370][ T5822] bridge_slave_0: entered promiscuous mode
[   53.869458][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.871865][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.874824][ T5822] bridge_slave_1: entered allmulticast mode
[   53.878190][ T5822] bridge_slave_1: entered promiscuous mode
[   53.881045][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.883927][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.886337][ T5825] bridge_slave_0: entered allmulticast mode
[   53.889714][ T5825] bridge_slave_0: entered promiscuous mode
[   53.894004][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.896836][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.899094][ T5825] bridge_slave_1: entered allmulticast mode
[   53.904781][ T5825] bridge_slave_1: entered promiscuous mode
[   53.909471][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.912547][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.922097][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.934371][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.936724][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.945884][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.978528][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.983880][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.995283][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.007309][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.042169][ T5825] team0: Port device team_slave_0 added
[   54.045750][ T5825] team0: Port device team_slave_1 added
[   54.057547][ T5818] hsr_slave_0: entered promiscuous mode
[   54.060332][ T5818] hsr_slave_1: entered promiscuous mode
[   54.064911][ T5822] team0: Port device team_slave_0 added
[   54.075290][ T5822] team0: Port device team_slave_1 added
[   54.084242][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.086544][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.095097][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.110445][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.112965][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.121205][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.161398][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.164089][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.172509][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.185794][ T5825] hsr_slave_0: entered promiscuous mode
[   54.188103][ T5825] hsr_slave_1: entered promiscuous mode
[   54.190177][ T5825] debugfs: 'hsr0' already exists in 'hsr'
[   54.192089][ T5825] Cannot create hsr debugfs directory
[   54.195534][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.198410][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.207504][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.281663][ T5822] hsr_slave_0: entered promiscuous mode
[   54.284584][ T5822] hsr_slave_1: entered promiscuous mode
[   54.286754][ T5822] debugfs: 'hsr0' already exists in 'hsr'
[   54.288652][ T5822] Cannot create hsr debugfs directory
[   54.405810][ T5818] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   54.416322][ T5818] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   54.426316][ T5818] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   54.436311][ T5818] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   54.459552][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   54.465789][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   54.470135][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   54.475140][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   54.530931][ T5822] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   54.538763][ T5822] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   54.556267][ T5822] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   54.569026][ T5822] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   54.638831][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.659946][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.665794][ T5818] 8021q: adding VLAN 0 to HW filter on device team0
[   54.675771][ T4985] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.678236][ T4985] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.698832][ T4985] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.701230][ T4985] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.720052][ T5825] 8021q: adding VLAN 0 to HW filter on device team0
[   54.729841][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.741804][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.744291][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.756748][ T5822] 8021q: adding VLAN 0 to HW filter on device team0
[   54.763756][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.766129][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.780975][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.783668][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.800485][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.802992][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.849978][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.855605][ T5822] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   54.905871][ T5818] veth0_vlan: entered promiscuous mode
[   54.910700][ T5818] veth1_vlan: entered promiscuous mode
[   54.939070][ T5818] veth0_macvtap: entered promiscuous mode
[   54.944993][ T5818] veth1_macvtap: entered promiscuous mode
[   54.950305][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.966646][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.970978][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1
[   54.990659][ T5846] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.993941][ T5846] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   54.999051][ T5846] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.009318][ T5846] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.036749][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.041032][ T5825] veth0_vlan: entered promiscuous mode
[   55.055900][  T242] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.058560][  T242] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.060036][ T5825] veth1_vlan: entered promiscuous mode
[   55.086071][ T4985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.089331][ T4985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.105233][ T5822] veth0_vlan: entered promiscuous mode
[   55.118598][ T5825] veth0_macvtap: entered promiscuous mode
[   55.119648][ T5818] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   55.122723][ T5822] veth1_vlan: entered promiscuous mode
[   55.129316][ T5825] veth1_macvtap: entered promiscuous mode
[   55.157294][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.164757][ T5822] veth0_macvtap: entered promiscuous mode
[   55.171188][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.188054][ T5822] veth1_macvtap: entered promiscuous mode
[   55.196292][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.200108][ T5690] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.205251][ T5690] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.209030][ T5690] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.248446][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.290634][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.301511][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.310788][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.319536][ T5846] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.343628][ T5846] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.347013][ T5846] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.361543][ T5846] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.368187][  T242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.370809][  T242] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.385793][ T5210] Bluetooth: hci0: command tx timeout
[   55.472754][   T54] Bluetooth: hci2: command tx timeout
[   55.474985][ T5210] Bluetooth: hci1: command tx timeout
[   55.495685][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.498313][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.596436][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.599078][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.807813][ T5894] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'.
[   55.925682][ T5904] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[   55.974664][ T5904] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.495730][ T5917] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.593185][ T5914] IPVS: ip_vs_add_dest(): server weight less than zero
[   56.595811][   T10] IPVS: starting estimator thread 0...
[   56.675960][ T5922] warning: `syz.1.9' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   56.704802][ T5920] IPVS: using max 80 ests per chain, 192000 per kthread
[   56.815119][   T12] IPVS: stop unused estimator thread 0...
[   56.854463][ T5927] smc: net device bond0 applied user defined pnetid SYZ2
[   56.857076][ T5927] netlink: 14 bytes leftover after parsing attributes in process `syz.1.11'.
[   56.900930][ T5927] smc: removing net device bond0 with user defined pnetid SYZ2
[   56.905482][ T5927] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   56.909995][ T5927] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   56.914051][ T5927] bond0 (unregistering): Released all slaves
[   56.984040][ T5904] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   57.462894][ T5210] Bluetooth: hci0: command tx timeout
[   57.542477][ T5210] Bluetooth: hci1: command tx timeout
[   57.542515][   T54] Bluetooth: hci2: command tx timeout
[   57.885438][ T5917] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.253171][ T5904] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.639495][ T5904] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.707239][   T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.727843][ T5917] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.738373][ T5846] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.741120][ T5846] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.746647][ T5940] netlink: 'syz.1.13': attribute type 4 has an invalid length.
[   58.750894][ T5846] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.790782][ T5917] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.988279][ T5846] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.021432][ T5846] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.057879][ T5846] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.070944][ T5846] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.290227][ T5978] netlink: 'syz.0.25': attribute type 32 has an invalid length.
[   59.315037][ T5978] netlink: 52 bytes leftover after parsing attributes in process `syz.0.25'.
[   59.318757][ T5978] netlink: 52 bytes leftover after parsing attributes in process `syz.0.25'.
[   59.324193][ T5978] netlink: 52 bytes leftover after parsing attributes in process `syz.0.25'.
[   59.338952][ T5978] netlink: 16 bytes leftover after parsing attributes in process `syz.0.25'.
[   59.426230][ T5978] netlink: 'syz.0.25': attribute type 40 has an invalid length.
[   59.546973][   T54] Bluetooth: hci0: command tx timeout
[   59.561404][ T6005] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.599536][ T6005] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.623219][   T54] Bluetooth: hci2: command tx timeout
[   59.623237][ T5210] Bluetooth: hci1: command tx timeout
[   59.655957][ T6005] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.779371][ T6005] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.791280][ T6027] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.854373][ T6027] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.120312][ T6027] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.280952][ T6027] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.339034][ T6077] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   60.349636][ T6077] netlink: 'syz.1.35': attribute type 8 has an invalid length.
[   60.406667][ T6077] smc: adding net device bond0 with user defined pnetid SYZ2
[   60.469225][ T6084] netlink: 56 bytes leftover after parsing attributes in process `syz.1.37'.
[   60.517945][ T6088] syz.1.39 uses obsolete (PF_INET,SOCK_PACKET)
[   60.520946][ T6088] syzkaller1: entered promiscuous mode
[   60.526199][ T6088] syzkaller1: entered allmulticast mode
[   60.740352][ T6095] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   61.556812][ T5868] IPVS: starting estimator thread 0...
[   61.623074][ T5210] Bluetooth: hci0: command tx timeout
[   61.666893][ T6101] IPVS: using max 78 ests per chain, 187200 per kthread
[   61.704431][ T5210] Bluetooth: hci2: command tx timeout
[   61.704450][   T54] Bluetooth: hci1: command tx timeout
[   61.764700][ T6114] netlink: 'syz.1.44': attribute type 8 has an invalid length.
[   62.040500][ T6129] Zero length message leads to an empty skb
[   62.055905][ T6129] netlink: 36 bytes leftover after parsing attributes in process `syz.1.49'.
[   62.059909][ T6129] ieee802154 phy0 wpan0: encryption failed: -22
[   62.109544][ T6131] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (2878)
[   62.116696][ T6131] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255
[   62.123403][ T6131] netlink: 12 bytes leftover after parsing attributes in process `syz.1.50'.
[   62.291296][ T6143] netlink: 12 bytes leftover after parsing attributes in process `syz.1.52'.
[   62.298224][ T6143] xfrm1: entered promiscuous mode
[   62.300010][ T6143] xfrm1: entered allmulticast mode
[   62.370194][ T5690] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.389026][ T5690] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.402596][ T5690] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.422417][ T5690] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.499678][ T6156] netlink: 'syz.1.57': attribute type 1 has an invalid length.
[   62.977657][ T6208] netlink: 'syz.1.62': attribute type 29 has an invalid length.
[   62.980821][ T6209] netlink: 'syz.1.62': attribute type 29 has an invalid length.
[   62.988379][ T6208] netlink: 596 bytes leftover after parsing attributes in process `syz.1.62'.
[   63.121070][ T6216] netlink: 'syz.1.64': attribute type 9 has an invalid length.
[   63.124128][ T6216] netlink: 'syz.1.64': attribute type 7 has an invalid length.
[   63.160139][ T5690] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.175050][ T5690] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.205463][ T5846] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.214648][ T5846] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.707288][   T12] syzkaller0: tun_net_xmit 76
[   63.710528][   T12] syzkaller0: tun_net_xmit 48
[   63.712951][ T6289] tipc: Started in network mode
[   63.722557][ T5869] syzkaller0: tun_net_xmit 76
[   63.735271][ T6289] tipc: Node identity , cluster identity 4711
[   63.738283][ T6289] tipc: Failed to obtain node identity
[   63.740268][ T6289] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   64.611152][ T6317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   65.509427][ T6345] ieee802154 phy0 wpan0: encryption failed: -22
[   65.551515][ T6347] pim6reg1: entered promiscuous mode
[   65.554908][ T6347] pim6reg1: entered allmulticast mode
[   65.640399][ T6350] netlink: 12 bytes leftover after parsing attributes in process `syz.1.87'.
[   65.643641][ T6350] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   65.646276][ T6350] IPv6: NLM_F_CREATE should be set when creating new route
[   65.691185][ T6355] netlink: 32 bytes leftover after parsing attributes in process `syz.0.86'.
[   65.709246][ T6355] 8021q: adding VLAN 0 to HW filter on device bond1
[   65.712193][ T6355] team0: Port device bond1 added
[   65.975998][ T6385] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[   66.023088][ T6385] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.077046][ T6385] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.149791][ T6387] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.176598][ T6385] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.187450][ T6387] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.238119][ T6385] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.265978][ T6387] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.337602][   T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.345492][ T6387] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.358006][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.366117][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.374187][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.398293][ T5690] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.406505][ T5690] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.414173][ T5690] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.425015][ T5690] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.581353][ T6392] dummy0: entered allmulticast mode
[   66.621142][ T6405] netlink: 60 bytes leftover after parsing attributes in process `syz.1.99'.
[   66.625269][ T6405] unsupported nlmsg_type 40
[   66.681034][ T6407] netlink: 8 bytes leftover after parsing attributes in process `syz.1.100'.
[   67.298552][ T6392] dummy0: left allmulticast mode
[   67.409356][ T6438] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   67.425485][ T6438] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   67.433930][ T6438] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   67.658416][ T6469] validate_nla: 1 callbacks suppressed
[   67.658433][ T6469] netlink: 'syz.0.114': attribute type 1 has an invalid length.
[   68.548620][ T6537] netlink: 28 bytes leftover after parsing attributes in process `syz.2.118'.
[   68.638234][ T6537] 8021q: adding VLAN 0 to HW filter on device bond1
[   68.646352][ T6537] bond0: (slave bond1): Enslaving as an active interface with an up link
[   68.686796][ T6550] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.740914][ T6557] netlink: 16 bytes leftover after parsing attributes in process `syz.2.123'.
[   68.770808][ T6550] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.835893][ T6550] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.891846][ T6550] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.915988][ T6566] netlink: 8 bytes leftover after parsing attributes in process `syz.1.127'.
[   68.977374][ T6572] netlink: 'syz.2.129': attribute type 29 has an invalid length.
[   68.980611][ T6571] netlink: 'syz.2.129': attribute type 29 has an invalid length.
[   68.988838][ T6571] netlink: 596 bytes leftover after parsing attributes in process `syz.2.129'.
[   69.555701][ T6607] netlink: 24 bytes leftover after parsing attributes in process `syz.1.138'.
[   69.663283][ T6609] netlink: 36 bytes leftover after parsing attributes in process `syz.2.139'.
[   69.672958][ T6609] netlink: 16 bytes leftover after parsing attributes in process `syz.2.139'.
[   69.676224][ T6609] netlink: 36 bytes leftover after parsing attributes in process `syz.2.139'.
[   69.685580][ T6609] netlink: 36 bytes leftover after parsing attributes in process `syz.2.139'.
[   69.818953][ T6624] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.860357][ T6624] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.957073][ T6624] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.047985][ T6624] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.085654][ T5848] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.091561][ T5848] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.103996][ T5848] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.111582][ T5848] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.164555][ T6650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.153'.
[   70.256012][ T6656] openvswitch: netlink: VXLAN extension message has 9 unknown bytes.
[   70.312621][ T6660] netlink: 'syz.0.158': attribute type 1 has an invalid length.
[   70.416992][ T6669] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (256)
[   70.574069][ T6680] bridge_slave_0: left allmulticast mode
[   70.576351][ T6680] bridge_slave_0: left promiscuous mode
[   70.579398][ T6680] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.588618][ T6680] bridge_slave_1: left allmulticast mode
[   70.591145][ T6680] bridge_slave_1: left promiscuous mode
[   70.596634][ T6680] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.606629][ T6680] bond0: (slave bond_slave_0): Releasing backup interface
[   70.611664][ T6680] bond0: (slave bond_slave_1): Releasing backup interface
[   70.620870][ T6680] team0: Port device team_slave_0 removed
[   70.632124][ T6680] team0: Port device team_slave_1 removed
[   70.635560][ T6680] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   70.638248][ T6680] batman_adv: batadv0: Removing interface: batadv_slave_0
[   70.641341][ T6680] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   70.644939][ T6680] batman_adv: batadv0: Removing interface: batadv_slave_1
[   70.651806][ T6680] bond0: (slave bond1): Releasing backup interface
[   70.671190][ T5690] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.693878][ T5690] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.711636][ T5690] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.718847][ T6685] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.738245][ T5690] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.779977][ T6685] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.834238][ T6685] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.909054][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   70.937230][ T6699] gre1: entered promiscuous mode
[   70.946618][ T6685] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.064500][ T5690] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.072848][ T5690] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.080720][ T5690] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.089452][ T5690] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.337300][ T6710] netlink: 'syz.0.173': attribute type 1 has an invalid length.
[   71.436295][ T6716] Bluetooth: MGMT ver 1.23
[   71.516668][ T6719] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.519452][ T6719] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.598774][ T6719] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   71.607394][ T6719] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   71.686511][ T6719] xfrm1: left promiscuous mode
[   71.688809][ T6719] xfrm1: left allmulticast mode
[   71.708239][ T5690] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   71.712031][ T5690] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   71.795713][ T5690] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   71.805563][ T5690] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   72.172635][ T6764] netlink: 'syz.1.185': attribute type 1 has an invalid length.
[   72.358353][ T6785] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.418085][ T6785] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.486881][ T6785] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.557147][ T6785] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.854581][ T6792] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   72.859832][ T6792] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   72.864868][ T6792] bond0 (unregistering): Released all slaves
[   74.004723][ T6802] netlink: 'syz.0.193': attribute type 1 has an invalid length.
[   74.040785][ T6804] __nla_validate_parse: 10 callbacks suppressed
[   74.040801][ T6804] netlink: 36 bytes leftover after parsing attributes in process `syz.0.194'.
[   74.178629][ T6809] vxcan1: entered allmulticast mode
[   74.332076][ T6817] netlink: 'syz.0.199': attribute type 1 has an invalid length.
[   74.352520][ T6817] bond0: (slave ip6gretap1): Enslaving as a backup interface with an up link
[   74.420213][ T6823] netlink: 'syz.0.201': attribute type 1 has an invalid length.
[   74.454810][ T6825] openvswitch: netlink: Multiple metadata blocks provided
[   74.697547][ T5848] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.712015][ T5848] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.731062][ T5846] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.744114][ T5846] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   74.750733][ T6845] syzkaller1: entered promiscuous mode
[   74.753806][ T6845] syzkaller1: entered allmulticast mode
[   75.041218][ T6865] netlink: 'syz.2.212': attribute type 1 has an invalid length.
[   75.221193][ T6879] netlink: 'syz.2.216': attribute type 1 has an invalid length.
[   75.483395][ T6890] netlink: 14 bytes leftover after parsing attributes in process `syz.2.220'.
[   75.541394][ T6890] bond0 (unregistering): Released all slaves
[   75.711748][ T6892] netlink: 'syz.0.221': attribute type 1 has an invalid length.
[   76.736120][ T6899] netlink: 'syz.0.224': attribute type 9 has an invalid length.
[   76.738720][ T6899] netlink: 'syz.0.224': attribute type 7 has an invalid length.
[   76.741156][ T6899] netlink: 'syz.0.224': attribute type 8 has an invalid length.
[   77.657567][ T6908] IPVS: set_ctl: invalid protocol: 43 10.1.1.2:20000
[   77.682027][ T6906] netlink: zone id is out of range
[   77.686564][ T6906] netlink: zone id is out of range
[   77.690733][ T6906] netlink: zone id is out of range
[   77.704271][ T6915] netlink: 'syz.0.228': attribute type 1 has an invalid length.
[   77.716270][ T6906] netlink: zone id is out of range
[   77.718649][ T6906] netlink: zone id is out of range
[   77.720823][ T6906] netlink: zone id is out of range
[   77.725944][ T6906] netlink: zone id is out of range
[   77.728826][ T6906] netlink: zone id is out of range
[   77.731033][ T6906] netlink: zone id is out of range
[   78.962637][ T6952] netlink: 20 bytes leftover after parsing attributes in process `syz.2.239'.
[   79.366612][ T6975] validate_nla: 1 callbacks suppressed
[   79.366626][ T6975] netlink: 'syz.2.244': attribute type 8 has an invalid length.
[   79.513538][ T6979] tun0: tun_chr_ioctl cmd 35111
[   79.516825][   T47] IPVS: starting estimator thread 0...
[   79.612598][ T6981] IPVS: using max 78 ests per chain, 187200 per kthread
[   79.620800][ T6983] netlink: 8 bytes leftover after parsing attributes in process `syz.2.246'.
[   79.654141][ T6987] netlink: 172 bytes leftover after parsing attributes in process `syz.2.248'.
[   79.657643][ T6987] netlink: 16 bytes leftover after parsing attributes in process `syz.2.248'.
[   79.870570][ T5690] IPVS: stop unused estimator thread 0...
[   80.381646][ T7044] netlink: 277 bytes leftover after parsing attributes in process `syz.1.259'.
[   81.045402][ T7061] netlink: 'syz.0.264': attribute type 6 has an invalid length.
[   81.048711][ T7061] netlink: 176 bytes leftover after parsing attributes in process `syz.0.264'.
[   81.143401][    T9] cfg80211: failed to load regulatory.db
[   81.239341][ T7064] netlink: 'syz.2.265': attribute type 4 has an invalid length.
[   81.328770][ T7072] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   81.348837][ T7070] netlink: 24 bytes leftover after parsing attributes in process `syz.2.269'.
[   81.393591][ T7072] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   81.453867][ T7084] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   81.458956][ T7072] macvlan0: entered allmulticast mode
[   81.471381][ T7072] veth1_vlan: entered allmulticast mode
[   81.479946][ T7072] team0: Port device macvlan0 added
[   81.486964][ T7072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.268'.
[   81.517996][ T7088] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[   81.522791][ T7087] IPVS: stopping backup sync thread 7088 ...
[   81.640752][ T7094] IPVS: set_ctl: invalid protocol: 47 127.0.0.1:20001
[   82.006308][ T7072] syz.0.268 (7072) used greatest stack depth: 19608 bytes left
[   82.064030][ T7120] netlink: 'syz.0.277': attribute type 1 has an invalid length.
[   82.097766][ T7124] netlink: 'syz.2.278': attribute type 29 has an invalid length.
[   82.101117][ T7124] netlink: 'syz.2.278': attribute type 29 has an invalid length.
[   82.108837][ T7124] netlink: 500 bytes leftover after parsing attributes in process `syz.2.278'.
[   82.113358][ T7124] unsupported nla_type 58
[   82.114643][ T7126] netlink: 'syz.0.280': attribute type 10 has an invalid length.
[   82.320548][ T7137] netlink: 20 bytes leftover after parsing attributes in process `syz.1.284'.
[   82.367559][ T7145] netlink: 'syz.0.287': attribute type 1 has an invalid length.
[   82.495999][ T7152] netlink: 14568 bytes leftover after parsing attributes in process `syz.1.291'.
[   82.757938][ T7177] netlink: 'syz.0.294': attribute type 1 has an invalid length.
[   83.141693][ T7206] Driver unsupported XDP return value 0 on prog  (id 140) dev N/A, expect packet loss!
[   83.361623][ T7220] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.418458][ T7220] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.477203][ T7220] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.529007][ T7220] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.597078][ T5848] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.611384][ T5848] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.625596][ T5848] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.637791][ T5846] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.728463][ T7224] netlink: 'syz.0.309': attribute type 8 has an invalid length.
[   83.780638][ T7226] 8021q: adding VLAN 0 to HW filter on device bond2
[   83.786117][ T7226] bond0: (slave bond2): Enslaving as a backup interface with a down link
[   84.030298][ T7244] syzkaller1: entered promiscuous mode
[   84.037760][ T7244] syzkaller1: entered allmulticast mode
[   84.375075][ T7278] validate_nla: 65 callbacks suppressed
[   84.375085][ T7278] netlink: 'syz.1.320': attribute type 1 has an invalid length.
[   84.413124][ T7278] 8021q: adding VLAN 0 to HW filter on device bond2
[   84.421486][ T7278] vlan3: entered promiscuous mode
[   84.426225][ T7278] bond2: entered promiscuous mode
[   84.428131][ T7278] vlan3: entered allmulticast mode
[   84.429833][ T7278] bond2: entered allmulticast mode
[   84.439668][ T7278] bond2: (slave gretap1): making interface the new active one
[   84.442044][ T7278] gretap1: entered promiscuous mode
[   84.444070][ T7278] gretap1: entered allmulticast mode
[   84.450281][ T7278] bond2: (slave gretap1): Enslaving as an active interface with an up link
[   84.461211][ T7278] IPVS: ip_vs_add_dest(): server weight less than zero
[   84.472183][ T7278] syz.1.320 (7278) used greatest stack depth: 19528 bytes left
[   85.411192][ T7315] IPVS: ip_vs_add_dest(): server weight less than zero
[   86.304275][ T7354] tipc: Started in network mode
[   86.306399][ T7354] tipc: Node identity c, cluster identity 4711
[   86.308888][ T7354] tipc: Node number set to 12
[   86.340402][ T7358] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[   86.370078][ T7361] IPVS: set_ctl: invalid protocol: 46 224.0.0.2:20003
[   86.509450][ T7375] netlink: 'syz.1.345': attribute type 3 has an invalid length.
[   86.514394][ T7375] __nla_validate_parse: 11 callbacks suppressed
[   86.514405][ T7375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.345'.
[   86.797750][ T7391] IPVS: ip_vs_add_dest(): server weight less than zero
[   86.910541][ T7400] netlink: 40 bytes leftover after parsing attributes in process `syz.1.353'.
[   86.915939][ T7400] netlink: 'syz.1.353': attribute type 32 has an invalid length.
[   87.132619][ T7411] netlink: 'syz.1.355': attribute type 1 has an invalid length.
[   87.144158][ T7411] netlink: 208 bytes leftover after parsing attributes in process `syz.1.355'.
[   87.337147][ T7420] netlink: 84 bytes leftover after parsing attributes in process `syz.0.357'.
[   87.348699][ T7420] netlink: 596 bytes leftover after parsing attributes in process `syz.0.357'.
[   87.505924][ T7435] netlink: 14 bytes leftover after parsing attributes in process `syz.0.361'.
[   87.515485][ T7437] netlink: 'syz.2.362': attribute type 1 has an invalid length.
[   87.538081][ T7433] IPVS: ip_vs_add_dest(): server weight less than zero
[   87.555823][ T7439] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.616598][ T7439] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.714063][ T7439] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.771071][ T7468] netlink: 32 bytes leftover after parsing attributes in process `syz.1.371'.
[   87.810215][ T7439] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.830921][ T7471] netlink: 'syz.2.372': attribute type 1 has an invalid length.
[   87.949485][ T5846] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.973693][ T5846] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.982546][ T5846] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.995971][ T5846] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.485765][ T7518] netlink: 36 bytes leftover after parsing attributes in process `syz.2.382'.
[  113.503472][ T7520] netlink: 'syz.0.383': attribute type 58 has an invalid length.
[  113.507378][ T7520] netlink: 20 bytes leftover after parsing attributes in process `syz.0.383'.
[  113.551135][ T7509] netlink: 8 bytes leftover after parsing attributes in process `syz.0.383'.
[  113.786025][ T7556] IPVS: ip_vs_add_dest(): server weight less than zero
[  113.798559][ T7557] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.810541][    T9] IPVS: starting estimator thread 0...
[  113.839352][ T7557] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.846495][ T7565] netlink: 212924 bytes leftover after parsing attributes in process `syz.1.393'.
[  113.902425][ T7560] IPVS: using max 79 ests per chain, 189600 per kthread
[  113.904446][ T7557] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.954129][ T7557] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.024494][ T5846] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.030587][ T7581] netlink: 132 bytes leftover after parsing attributes in process `syz.1.395'.
[  114.038649][ T5846] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.041993][ T7581] netlink: 87 bytes leftover after parsing attributes in process `syz.1.395'.
[  114.055077][ T5846] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.065573][ T5846] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.380378][ T7603] netlink: 'syz.2.400': attribute type 1 has an invalid length.
[  114.537682][ T7609] netlink: 'syz.2.401': attribute type 9 has an invalid length.
[  114.541122][ T7609] netlink: 'syz.2.401': attribute type 7 has an invalid length.
[  114.544627][ T7609] netlink: 'syz.2.401': attribute type 8 has an invalid length.
[  114.722014][ T7623] IPVS: ip_vs_add_dest(): server weight less than zero
[  114.777620][ T7630] netlink: 44 bytes leftover after parsing attributes in process `syz.0.407'.
[  114.787532][ T7631] netlink: 44 bytes leftover after parsing attributes in process `syz.0.407'.
[  114.824904][ T7636] netlink: 24 bytes leftover after parsing attributes in process `syz.2.409'.
[  114.888303][ T7641] netlink: 24 bytes leftover after parsing attributes in process `syz.2.409'.
[  115.039642][ T7664] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.088758][ T7664] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.229454][ T7664] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.279710][ T7664] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.289779][ T7696] netlink: 'syz.0.428': attribute type 1 has an invalid length.
[  115.344218][ T7702] IPVS: ip_vs_add_dest(): server weight less than zero
[  115.568634][ T7728] netlink: 'syz.1.438': attribute type 3 has an invalid length.
[  115.710688][ T7744] IPVS: ip_vs_add_dest(): server weight less than zero
[  116.141532][ T7783] netlink: 'syz.0.455': attribute type 8 has an invalid length.
[  116.165452][ T7783] 8021q: adding VLAN 0 to HW filter on device bond4
[  116.168776][ T7783] bond0: (slave bond4): Enslaving as a backup interface with a down link
[  116.172017][ T7786] IPVS: ip_vs_add_dest(): server weight less than zero
[  116.210484][ T7790] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.248694][ T7790] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.287555][ T7790] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.335601][ T7790] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.342024][ T7805] netlink: 'syz.1.463': attribute type 16 has an invalid length.
[  116.410484][ T5848] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.415186][ T5848] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.422385][ T5848] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.433987][ T5848] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.477764][ T7822] netlink: 'syz.0.466': attribute type 1 has an invalid length.
[  116.516576][ T7824] ==================================================================
[  116.519201][ T7824] BUG: KASAN: slab-use-after-free in __xfrm_state_insert+0x8af/0x1450
[  116.521777][ T7824] Read of size 1 at addr ffff8880235c9530 by task syz.1.467/7824
[  116.525177][ T7824] 
[  116.525972][ T7824] CPU: 1 UID: 0 PID: 7824 Comm: syz.1.467 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f-dirty #0 PREEMPT(full) 
[  116.525984][ T7824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  116.525989][ T7824] Call Trace:
[  116.525995][ T7824]  <TASK>
[  116.525998][ T7824]  dump_stack_lvl+0x189/0x250
[  116.526011][ T7824]  ? __virt_addr_valid+0x1c8/0x5c0
[  116.526021][ T7824]  ? rcu_is_watching+0x15/0xb0
[  116.526036][ T7824]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.526044][ T7824]  ? rcu_is_watching+0x15/0xb0
[  116.526055][ T7824]  ? lock_release+0x4b/0x3e0
[  116.526067][ T7824]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  116.526077][ T7824]  ? __virt_addr_valid+0x1c8/0x5c0
[  116.526085][ T7824]  ? __virt_addr_valid+0x4a5/0x5c0
[  116.526093][ T7824]  print_report+0xca/0x240
[  116.526104][ T7824]  ? __xfrm_state_insert+0x8af/0x1450
[  116.526112][ T7824]  kasan_report+0x118/0x150
[  116.526124][ T7824]  ? __xfrm_state_insert+0x8af/0x1450
[  116.526132][ T7824]  __xfrm_state_insert+0x8af/0x1450
[  116.526141][ T7824]  ? xfrm_state_insert+0x44/0x60
[  116.526148][ T7824]  xfrm_state_insert+0x54/0x60
[  116.526155][ T7824]  ipcomp6_init_state+0x655/0x900
[  116.526165][ T7824]  __xfrm_init_state+0xa76/0x13f0
[  116.526174][ T7824]  ? __xfrm_init_state+0x7ef/0x13f0
[  116.526185][ T7824]  xfrm_add_sa+0x2f5b/0x4070
[  116.526196][ T7824]  ? __pfx_xfrm_add_sa+0x10/0x10
[  116.526204][ T7824]  ? apparmor_capable+0x137/0x1b0
[  116.526212][ T7824]  ? __nla_parse+0x40/0x60
[  116.526221][ T7824]  xfrm_user_rcv_msg+0x7a3/0xab0
[  116.526230][ T7824]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  116.526244][ T7824]  ? __pfx___mutex_trylock_common+0x10/0x10
[  116.526252][ T7824]  ? rcu_is_watching+0x15/0xb0
[  116.526262][ T7824]  ? trace_contention_end+0x39/0x120
[  116.526270][ T7824]  ? __mutex_lock+0x335/0x1340
[  116.526281][ T7824]  netlink_rcv_skb+0x208/0x470
[  116.526292][ T7824]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  116.526301][ T7824]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  116.526313][ T7824]  ? netlink_deliver_tap+0x2e/0x1b0
[  116.526322][ T7824]  ? netlink_deliver_tap+0x2e/0x1b0
[  116.526332][ T7824]  xfrm_netlink_rcv+0x79/0x90
[  116.526341][ T7824]  netlink_unicast+0x82f/0x9e0
[  116.526351][ T7824]  ? __pfx_netlink_unicast+0x10/0x10
[  116.526360][ T7824]  ? netlink_sendmsg+0x642/0xb30
[  116.526370][ T7824]  ? skb_put+0x11b/0x210
[  116.526377][ T7824]  netlink_sendmsg+0x805/0xb30
[  116.526389][ T7824]  ? __pfx_netlink_sendmsg+0x10/0x10
[  116.526400][ T7824]  ? aa_sock_msg_perm+0x94/0x160
[  116.526410][ T7824]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  116.526422][ T7824]  ? __pfx_netlink_sendmsg+0x10/0x10
[  116.526433][ T7824]  __sock_sendmsg+0x21c/0x270
[  116.526443][ T7824]  ____sys_sendmsg+0x505/0x830
[  116.526451][ T7824]  ? __pfx_____sys_sendmsg+0x10/0x10
[  116.526459][ T7824]  ? import_iovec+0x74/0xa0
[  116.526470][ T7824]  ___sys_sendmsg+0x21f/0x2a0
[  116.526477][ T7824]  ? __pfx____sys_sendmsg+0x10/0x10
[  116.526490][ T7824]  ? __fget_files+0x2a/0x420
[  116.526497][ T7824]  ? __fget_files+0x3a0/0x420
[  116.526505][ T7824]  __x64_sys_sendmsg+0x19b/0x260
[  116.526513][ T7824]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  116.526523][ T7824]  ? do_syscall_64+0xbe/0x3b0
[  116.526534][ T7824]  do_syscall_64+0xfa/0x3b0
[  116.526544][ T7824]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.526553][ T7824]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.526560][ T7824]  ? exc_page_fault+0x9f/0xf0
[  116.526570][ T7824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.526577][ T7824] RIP: 0033:0x7ff7c718eb69
[  116.526584][ T7824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.526591][ T7824] RSP: 002b:00007ff7c7f31038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  116.526600][ T7824] RAX: ffffffffffffffda RBX: 00007ff7c73b5fa0 RCX: 00007ff7c718eb69
[  116.526605][ T7824] RDX: 0000000000004800 RSI: 00002000000035c0 RDI: 0000000000000007
[  116.526610][ T7824] RBP: 00007ff7c7211df1 R08: 0000000000000000 R09: 0000000000000000
[  116.526615][ T7824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  116.526619][ T7824] R13: 0000000000000000 R14: 00007ff7c73b5fa0 R15: 00007ffd8c595b98
[  116.526626][ T7824]  </TASK>
[  116.526629][ T7824] 
[  116.657186][ T7824] Allocated by task 6602:
[  116.658599][ T7824]  kasan_save_track+0x3e/0x80
[  116.660152][ T7824]  __kasan_slab_alloc+0x6c/0x80
[  116.661854][ T7824]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  116.663633][ T7824]  xfrm_state_alloc+0x24/0x2f0
[  116.665285][ T7824]  __find_acq_core+0x8a7/0x1c00
[  116.667030][ T7824]  xfrm_find_acq+0x78/0xa0
[  116.668568][ T7824]  xfrm_alloc_userspi+0x6b3/0xc90
[  116.670214][ T7824]  xfrm_user_rcv_msg+0x7a3/0xab0
[  116.671894][ T7824]  netlink_rcv_skb+0x208/0x470
[  116.673459][ T7824]  xfrm_netlink_rcv+0x79/0x90
[  116.675014][ T7824]  netlink_unicast+0x82f/0x9e0
[  116.676558][ T7824]  netlink_sendmsg+0x805/0xb30
[  116.678136][ T7824]  __sock_sendmsg+0x21c/0x270
[  116.679664][ T7824]  ____sys_sendmsg+0x505/0x830
[  116.681208][ T7824]  ___sys_sendmsg+0x21f/0x2a0
[  116.682748][ T7824]  __x64_sys_sendmsg+0x19b/0x260
[  116.684357][ T7824]  do_syscall_64+0xfa/0x3b0
[  116.685870][ T7824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.687768][ T7824] 
[  116.688568][ T7824] Freed by task 9:
[  116.689786][ T7824]  kasan_save_track+0x3e/0x80
[  116.691358][ T7824]  kasan_save_free_info+0x46/0x50
[  116.693016][ T7824]  __kasan_slab_free+0x62/0x70
[  116.694591][ T7824]  kmem_cache_free+0x18f/0x400
[  116.696175][ T7824]  xfrm_state_gc_task+0x518/0x6a0
[  116.697816][ T7824]  process_scheduled_works+0xae1/0x17b0
[  116.699626][ T7824]  worker_thread+0x8a0/0xda0
[  116.701162][ T7824]  kthread+0x711/0x8a0
[  116.702487][ T7824]  ret_from_fork+0x3fc/0x770
[  116.704022][ T7824]  ret_from_fork_asm+0x1a/0x30
[  116.705596][ T7824] 
[  116.706424][ T7824] The buggy address belongs to the object at ffff8880235c9200
[  116.706424][ T7824]  which belongs to the cache xfrm_state of size 928
[  116.710813][ T7824] The buggy address is located 816 bytes inside of
[  116.710813][ T7824]  freed 928-byte region [ffff8880235c9200, ffff8880235c95a0)
[  116.715222][ T7824] 
[  116.716037][ T7824] The buggy address belongs to the physical page:
[  116.718131][ T7824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880235c8480 pfn:0x235c8
[  116.721305][ T7824] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  116.724034][ T7824] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  116.726743][ T7824] page_type: f5(slab)
[  116.728056][ T7824] raw: 00fff00000000240 ffff888104f4b640 ffff88801af76708 ffffea0000c74a10
[  116.730789][ T7824] raw: ffff8880235c8480 00000000000e0007 00000000f5000000 0000000000000000
[  116.733524][ T7824] head: 00fff00000000240 ffff888104f4b640 ffff88801af76708 ffffea0000c74a10
[  116.736279][ T7824] head: ffff8880235c8480 00000000000e0007 00000000f5000000 0000000000000000
[  116.739064][ T7824] head: 00fff00000000002 ffffea00008d7201 00000000ffffffff 00000000ffffffff
[  116.741869][ T7824] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  116.744651][ T7824] page dumped because: kasan: bad access detected
[  116.746761][ T7824] page_owner tracks the page as allocated
[  116.748585][ T7824] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6208, tgid 6206 (syz.1.62), ts 62992601978, free_ts 62987851470
[  116.754547][ T7824]  post_alloc_hook+0x240/0x2a0
[  116.756137][ T7824]  get_page_from_freelist+0x21e4/0x22c0
[  116.757932][ T7824]  __alloc_frozen_pages_noprof+0x181/0x370
[  116.759817][ T7824]  alloc_pages_mpol+0x232/0x4a0
[  116.761450][ T7824]  allocate_slab+0x8a/0x3b0
[  116.762925][ T7824]  ___slab_alloc+0xbfc/0x1480
[  116.764467][ T7824]  kmem_cache_alloc_noprof+0x283/0x3c0
[  116.766225][ T7824]  xfrm_state_alloc+0x24/0x2f0
[  116.767845][ T7824]  __find_acq_core+0x8a7/0x1c00
[  116.769413][ T7824]  xfrm_find_acq+0x78/0xa0
[  116.770885][ T7824]  xfrm_alloc_userspi+0x6b3/0xc90
[  116.772550][ T7824]  xfrm_user_rcv_msg+0x7a3/0xab0
[  116.774181][ T7824]  netlink_rcv_skb+0x208/0x470
[  116.775744][ T7824]  xfrm_netlink_rcv+0x79/0x90
[  116.777284][ T7824]  netlink_unicast+0x82f/0x9e0
[  116.778904][ T7824]  netlink_sendmsg+0x805/0xb30
[  116.780448][ T7824] page last free pid 6208 tgid 6206 stack trace:
[  116.782496][ T7824]  __free_frozen_pages+0xc71/0xe70
[  116.784170][ T7824]  stack_depot_save_flags+0x445/0x900
[  116.785937][ T7824]  kasan_save_track+0x4f/0x80
[  116.787450][ T7824]  __kasan_slab_alloc+0x6c/0x80
[  116.789045][ T7824]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  116.790851][ T7824]  skb_clone+0x212/0x3a0
[  116.792239][ T7824]  __netlink_deliver_tap+0x404/0x850
[  116.793963][ T7824]  netlink_deliver_tap+0x19c/0x1b0
[  116.795644][ T7824]  netlink_dump+0x92b/0xe90
[  116.797144][ T7824]  __netlink_dump_start+0x5cb/0x7e0
[  116.798817][ T7824]  rtnetlink_rcv_msg+0x9eb/0xb70
[  116.800437][ T7824]  netlink_rcv_skb+0x208/0x470
[  116.802019][ T7824]  netlink_unicast+0x82f/0x9e0
[  116.803574][ T7824]  netlink_sendmsg+0x805/0xb30
[  116.805150][ T7824]  __sock_sendmsg+0x21c/0x270
[  116.806675][ T7824]  ____sys_sendmsg+0x505/0x830
[  116.808262][ T7824] 
[  116.809053][ T7824] Memory state around the buggy address:
[  116.810849][ T7824]  ffff8880235c9400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  116.813444][ T7824]  ffff8880235c9480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  116.816028][ T7824] >ffff8880235c9500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  116.818627][ T7824]                                      ^
[  116.820421][ T7824]  ffff8880235c9580: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  116.823020][ T7824]  ffff8880235c9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  116.825599][ T7824] ==================================================================
[  116.828467][ T7824] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  116.830790][ T7824] CPU: 1 UID: 0 PID: 7824 Comm: syz.1.467 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f-dirty #0 PREEMPT(full) 
[  116.834664][ T7824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  116.837887][ T7824] Call Trace:
[  116.839011][ T7824]  <TASK>
[  116.839980][ T7824]  dump_stack_lvl+0x99/0x250
[  116.841498][ T7824]  ? __asan_memcpy+0x40/0x70
[  116.843007][ T7824]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.844698][ T7824]  ? __pfx__printk+0x10/0x10
[  116.846215][ T7824]  panic+0x2db/0x790
[  116.847493][ T7824]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.849247][ T7824]  ? __pfx_panic+0x10/0x10
[  116.850706][ T7824]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  116.852618][ T7824]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  116.854564][ T7824]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  116.856626][ T7824]  ? __xfrm_state_insert+0x8af/0x1450
[  116.858359][ T7824]  check_panic_on_warn+0x89/0xb0
[  116.859971][ T7824]  ? __xfrm_state_insert+0x8af/0x1450
[  116.861731][ T7824]  end_report+0x78/0x160
[  116.863120][ T7824]  kasan_report+0x129/0x150
[  116.864595][ T7824]  ? __xfrm_state_insert+0x8af/0x1450
[  116.866356][ T7824]  __xfrm_state_insert+0x8af/0x1450
[  116.868054][ T7824]  ? xfrm_state_insert+0x44/0x60
[  116.869654][ T7824]  xfrm_state_insert+0x54/0x60
[  116.871224][ T7824]  ipcomp6_init_state+0x655/0x900
[  116.872873][ T7824]  __xfrm_init_state+0xa76/0x13f0
[  116.874489][ T7824]  ? __xfrm_init_state+0x7ef/0x13f0
[  116.876176][ T7824]  xfrm_add_sa+0x2f5b/0x4070
[  116.877672][ T7824]  ? __pfx_xfrm_add_sa+0x10/0x10
[  116.879308][ T7824]  ? apparmor_capable+0x137/0x1b0
[  116.880966][ T7824]  ? __nla_parse+0x40/0x60
[  116.882423][ T7824]  xfrm_user_rcv_msg+0x7a3/0xab0
[  116.884037][ T7824]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  116.885837][ T7824]  ? __pfx___mutex_trylock_common+0x10/0x10
[  116.887725][ T7824]  ? rcu_is_watching+0x15/0xb0
[  116.889327][ T7824]  ? trace_contention_end+0x39/0x120
[  116.891022][ T7824]  ? __mutex_lock+0x335/0x1340
[  116.892534][ T7824]  netlink_rcv_skb+0x208/0x470
[  116.894077][ T7824]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  116.895839][ T7824]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  116.897548][ T7824]  ? netlink_deliver_tap+0x2e/0x1b0
[  116.899226][ T7824]  ? netlink_deliver_tap+0x2e/0x1b0
[  116.900968][ T7824]  xfrm_netlink_rcv+0x79/0x90
[  116.902544][ T7824]  netlink_unicast+0x82f/0x9e0
[  116.904126][ T7824]  ? __pfx_netlink_unicast+0x10/0x10
[  116.905871][ T7824]  ? netlink_sendmsg+0x642/0xb30
[  116.907502][ T7824]  ? skb_put+0x11b/0x210
[  116.908915][ T7824]  netlink_sendmsg+0x805/0xb30
[  116.910487][ T7824]  ? __pfx_netlink_sendmsg+0x10/0x10
[  116.912208][ T7824]  ? aa_sock_msg_perm+0x94/0x160
[  116.913837][ T7824]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  116.915502][ T7824]  ? __pfx_netlink_sendmsg+0x10/0x10
[  116.917232][ T7824]  __sock_sendmsg+0x21c/0x270
[  116.918790][ T7824]  ____sys_sendmsg+0x505/0x830
[  116.920360][ T7824]  ? __pfx_____sys_sendmsg+0x10/0x10
[  116.922094][ T7824]  ? import_iovec+0x74/0xa0
[  116.923584][ T7824]  ___sys_sendmsg+0x21f/0x2a0
[  116.925139][ T7824]  ? __pfx____sys_sendmsg+0x10/0x10
[  116.926816][ T7824]  ? __fget_files+0x2a/0x420
[  116.928346][ T7824]  ? __fget_files+0x3a0/0x420
[  116.929887][ T7824]  __x64_sys_sendmsg+0x19b/0x260
[  116.931484][ T7824]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  116.933250][ T7824]  ? do_syscall_64+0xbe/0x3b0
[  116.934775][ T7824]  do_syscall_64+0xfa/0x3b0
[  116.936285][ T7824]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.938012][ T7824]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.940033][ T7824]  ? exc_page_fault+0x9f/0xf0
[  116.941604][ T7824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.943519][ T7824] RIP: 0033:0x7ff7c718eb69
[  116.945003][ T7824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.951161][ T7824] RSP: 002b:00007ff7c7f31038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  116.953919][ T7824] RAX: ffffffffffffffda RBX: 00007ff7c73b5fa0 RCX: 00007ff7c718eb69
[  116.956498][ T7824] RDX: 0000000000004800 RSI: 00002000000035c0 RDI: 0000000000000007
[  116.959053][ T7824] RBP: 00007ff7c7211df1 R08: 0000000000000000 R09: 0000000000000000
[  116.961645][ T7824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  116.964216][ T7824] R13: 0000000000000000 R14: 00007ff7c73b5fa0 R15: 00007ffd8c595b98
[  116.966756][ T7824]  </TASK>
[  116.968401][ T7824] Kernel Offset: disabled
[  116.969791][ T7824] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:05:44  Registers:
info registers vcpu 0

CPU#0
RAX=1ffff1100463cc50 RBX=ffffc90000007d40 RCX=8b71177b60ab5300 RDX=0000000000000000
RSI=ffffffff8db65e93 RDI=ffffc90000007d40 RBP=ffffc90000007e30 RSP=ffffc90000007bb0
R8 =ffffffff8fa07af7 R9 =1ffffffff1f40f5e R10=dffffc0000000000 R11=fffffbfff1f40f5f
R12=dffffc0000000000 R13=1ffff92000000fa8 R14=ffff8880231e6280 R15=ffffc90000007d50
RIP=ffffffff81a82402 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8680000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00002000000035c0 CR3=000000002f32c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=00000000ffffffe6 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=ffffffe600000000 0000000000657461
XMM08=0000000000000000 0000000800001fff XMM09=0000000000000000 00007ff7c7212f89
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001270 RDI=0000000000001271 RBP=00000000000003f8 RSP=ffffc9000a25e9f0
R8 =ffff8881079e0237 R9 =1ffff11020f3c046 R10=dffffc0000000000 R11=ffffffff854c1d90
R12=dffffc0000000000 R13=ffffffff99a95922 R14=ffffffff99d9a4e0 R15=0000000000000000
RIP=ffffffff854c1e0c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007ff7c7f316c0 ffffffff 00c00000
GS =0000 ffff8881a3c80000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0f6bffcfc8 CR3=000000002f32c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=ffffffffffffffff ffffffffffffffff XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 000000000000ff00 XMM05=00007ff7c7387478 00007ff7c73874c0
XMM06=00007ff7c73874b8 00007ff7c73874b0 XMM07=00007ff7c73874a8 00007ff7c73874a0
XMM08=0000000000000000 00007ff7c7212eab XMM09=0000000000000000 00007ff7c7212f89
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
